.TH DES 1 "04 October 1993" "Linux" "Linux Programmer's Manual"
.SH NAME
des - encrypt or decrypt data using Data Encryption Standard
.SH SYNOPSIS
.PP
des -e | -d [ -b ] [ -h ] [ -k
.B key
]
.SH DESCRIPTION
.B des
is a filter that encrypts or decrypts standard input to standard output
with the Data Encryption Standard (DES).
Either -e (encrypt) or -d (decrypt) must be specified. If the key is not
given on the command line with the -k option the command will prompt for it
twice, suppressing echo and comparing the two responses to guard against
mistyping.
.P
The -h flag controls how the key string is to be interpreted.
Without the -h flag, the key is an ASCII string.
Since DES ignores the low
order bit of each key byte, the
high order bit is set for odd parity, thus retaining the information contained
in the low order bit.
If the -h flag is set, the key string is interpreted as
16 hex/ASCII characters; the low order bit of each byte is again ignored as per
the DES algorithm.
This allows the use of any arbitrary 56-bit key, including bytes representing
control characters that could not be typed if the -h option were not used.
.PP
By default, DES Cipher Block Chaining (CBC) mode is used, with an initial
vector (IV) of all zeros; if the -b option is specified, Electronic Code
Book (ECB) mode is used instead.
.PP
Except for the -h option, this command is compatible with the
.B des
command on the Sun Microsystems workstation.
.PP
If the -k option is not specified, you will be asked for a key (it will not
be displayed to your terminal as you type it).
.SH "SEE ALSO"
Sun Microsystems DES(1) manual page, which describes in detail how
the length of the file is encoded in the last block of ciphertext.
Also see the DES(3) manual page, included with this package. This describes
the libdes.a archive and it's functions, which are the basis of this
package. These functions are used extensively within the
.B des
program.
.SH BUGS
It would be better to use a real 56-bit key rather then an
ASCII-based 56-bit pattern. Knowing that the key was derived
from ASCII radically reduces the time necessary for a
brute-force cryptographic attack.
.SH AUTHORS
Phil Karn, KA9Q
Chris Cappuccio (chris@g386bsd.first.gmd.de)
